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CLAIMS: - - 

1. A proactive operating environment -that includes a 
group of prdactive :; . servers J= : common i eating over a 
network; each proactive server (PSi) comprising: 

a storage that' ^iriclfude/s ; a. non erasable part that 
stores at least a 'public,.; non", proactive related, key 
V*start ; said storage further/; includes an erasable part 
for storing private- and- public data; said proactive 
server is further associated with a discardable one-time 
private key S x S tart i hat corresponds to said public key 
V^staxtf said proactive-^ server is further associated with 
configuration data C; '"^ 

a processor. for: ; "providing " at , least proactive 
services to applications; 

the proactive server is associated with a group 

public proactive key ^.Vcert common to said group of 

b*2rr« tr-u-l r;~p-zr " r-: 
proactive servers and" a. share S ceat of a corresponding 

private proactive key Scsr T ; 

the processor is; .-operative to ..invoke initialization 
procedure for generating: restore related information; 

the processor is further operative to invoke a 
restore procedure for utilizing at least said public, non 
proactive related /; key.. ^stare and said restore related 
information for restoring at leWs^'Ssaid'>'$>ublic proactive 
key Vcert- ■■::*. 

2, The system according- to Claim vl> therein said restore 
procedure is invoked by refresh procedure. 
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3. The system ,accor4ing. : to Claim 1, wherein said 

non erasable part . of- "the, : ^storage-, being a ROM memory 

■ ;--:e::"acc >rcir>o to C, 
module. r - - - • • - • 

4. The system, according ,tp Claim , 1, wherein said 

applications being,." at. least.,one x of- ;the following: 

-:=:i "Ac:: .vi : d:i f:5 to" *C' = ! :1 in " . . 

Secure logging/ v Secure end-to-end communication, 

• -l V: r> for s'-r or. incl; :!£S 
Timestamping, Certificate authority, :: Key. recovery, Voting, 

Trading, Database,-.;, Operating . t .system, Access control 

mechanisms, Secure Commerce. 

5. The sys"tem according" to Claim 1, wherein said 
restore related information"^ related self 
information. .... 

6, The system' "acdording "'to - '~Claim 1/ wherein said 
restore related information ' includes " restore related 
others' information/'./'" 7—/" 

7„ The system According to 1 £l aim 5, wherein said 

restore related self ' ; in formation includes M z = S x start (Vcerzr 

c>. :///* f / f ; 

8. The system : According to. tlairo 6, wherein said 
restore related others'./information'. includes [S C erv(M) ,M) . 

9. The system' fa c cor ding to Claim 1, wherein said 

initialization procedure, includes:- . 

(i) input* for/: receiving /at. least configuration 
data C, public, non-proactive related key V* a t&£t and 
discardable one. time.* private key S I 3 tartr 

(ii) the processor generating a set of keys Sx(0) , 
Vj(0), Ex(0),. Dj(0).;.- : , 

(iii) broadcasting : ; said set of keys except D z (0) 
over the network" .to the rest of the servers 
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10 (1. . .n) y iri^-t he J-; - g r pup v s o a s to au t hent i ca t e 

11 and encrypt the network channel; 

12 (iv) the processor generating the group public 

13 proactive keyC r^c^lt - and J a" " share (S 1 csftzv> of 

14 corresponding ^private proactive... key Scert^ 

15 (v) the processor^ generating restore related self 

16 information , that includes M x S'starc .(Vcert* O < 

17 (vi) discarding, Vthel prie-time . private key S*$tart/ 

18 (vii) broadcasting ''Mi J to all servers in the group, 

19 and receiving Mj from all respective SPj servers in 

20 the group; the' ; processor concatenating said Mi*. Mm so 

21 as to const ret M; 

22 (viii) the processor generating a joint signature 

23 (Seen (M),M) that : * forms 7 part" oi said restore related 
)Z 24 others' information; and. _ 

-4 25 (ix) broadcasting' "the 'joint signature (5 Cer t 

11= 26 (m),m). " " 

H i io. "The system * according' " to ciaim 1, wherein 

2 said recover procedure^ 'includes: ' 

3 (i) the processor; extracting V^itart/ 

4 (ii) the processor; extracting Mj from itf/ 

5 (iiD the processor' constructing V c&r t by applying 

6 V^tarc to ; - 

7 (iv) the processor "validating M by applying Vbrar 

8 to the joint signature ,{ part (S Ce rt (M) ; if the result 
' 9 matches M then-'' the- server 'becomes operational; sending 

10 M and S C ert (M) to all the group servers ; 

11 (v) if, on the other hand, M * is invalid, then 

12 waiting the receipt; of another joint signature and 

13 in response repeating said (ii):. to (iv) . 
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1 11. For use in the, system^ of Claim ,- : l, an initialize 

2 procedure. ..7^ n : ^- >c:: ' 

1 12. For use in "the: 1/ a restore 

2 procedure. \' 

1 13. A method for ,^ providing^ security in 

2 proactive operating * > environment ; - the proactive 

3 operating environment^ include? a group of proactive 

4 servers communicating over' "a network; each proactive 

5 s e r ve r ( P S i ) comp r i sin g : ^ ■ 

6 a storage tnat Xnciudes; -at.- noil erasable part that 

7 stores at least a "public, nori proactive related, key 
y 8 .^start t said storage" -further "'includes' 1 ' an erasable part 
^ 9 for storing private and public data; said proactive 
^ server is further VsVociated with" "a" discardable one-time 

11 private key S^rt thatTcbrresF^rids to said public key 

12 V 1 start/ said proactive ' server 'is' further associated with 

13 configuration data. C; 

14 a processor ' ''"'for^^rov^dlng^-^'at'^' least proactive 



M: is services to applications; 
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the proactive - : server is : associated with a group 

17 public proactive * key ' "y^/r * common to said group of 

18 proactive servers "and 'ay share S j CE rt of a corresponding 

19 private proactive keiy ;Sq&>/ the method further including: 

20 invoking initialization 'procedure for generating 
restore related information; and invoking a restore 
procedure for utilizing at-VVleast r said public, non 
proactive related, key_ V I S t*rt and said restore related 
information for restoring at least . said public proactive 

25 key Vc&AT- 

1 14. The method according to Claim 13, wherein said 

2 restore procedure is invoked by refresh procedure. 
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15. The method according,.- to. Claim.,13, wherein said non 
erasable part o£ the.. storage Ibeing a ROM memory module. 

16. The method according ~\ ;|o '. ' Claim 13, wherein said 
applications being at^least .one of the' following: 

Secure logging J; Secure end^o-end communication, 
Timestamping, clrti'rfcate ' authority, Key recovery, 
Voting, Trading,.. Database, Operating system, Access 
control mechanisms, r.Secure ; Commerce. .. 

17. The me4od %dcor-din^ 5 - tV Claim 13, ' wherein said 
restore related information includes restore related self 
information. 

18 . The meXHoS q raoi»rdiiig;! '& Claim 13, wherein 
said restore related' ihformat ion includes restore related 
others' information."-' 

19. The method ;: ^ccdrd'ing . to Claim 17, wherein 
said restore related self ; information includes Mr = S T SMre 

(Vcezt, C). ■'■ - , y ... 

20. The method- 3 Recording ' to Claim 18, wherein 
said restore related- others' ' "^information includes 

21. The raethod;f:a'.ccor"ding: to Claim 13, wherein 
said initialization, procedure.. includes: 

(i) receiving t at j least ^configuration data C, 
public non-proactive related- key V% rt and discardable 
one time private key S 1 ^™: 

(ii) generating^ . a-^set ,o'f ; ' ke'yV Sj<0) , V x (0) , Et(0) , 

D z (0); .- 

(iii) broadcasting said set, of keys except D z (0) over 

the network to., the . rest of the servers 
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10 { 1 . . i-2 -n).? ~ i n - r the., group, ; : so ' as to authenticate 

11 and encrypt the network channel; 

12 <iv) generating the O gr.oup:. . public ..proactive key Vbert 

13 and a share - V( Sf. tC ^^. ... of " corresponding private 

14 proactive key "'S'cERri ; - -. t - ■ ■■-"^'l .> 

15 (v) gene rat ing'rjs store' related! "self information that 

16 includes Wj =_ Si S tart.: r (Vcezz, C) \ 

17 (vi) discarding the., one -time- private key S start/ 

18 (vii) broadcasting Mj' to* all servers in the group, and 

19 receiving Mj from all respective SPj servers m the 

:.-;;cth<v V ~.- r ~ -:r-l'v -o; i-' - 

20 group; the processor concatenating' said Mi. .Mm so as 

21 to constrct M; ' *" j'I 

22 (viii) generating a" joint signature" '(Scert (M) ,M) that 

23 forms part of" said" ' restore " related others' 

24 information"; ancT '"*''' ~ . . 

25 (ix) broadcasting the "joint signature (S C erz (M)/M). 

1 22. The inetho^* : adcordin^ ' to "Claim 13, wherein 

2 said recover procedure' includes : 

3 (i) extracting 0 " start/ *'*-■■"' J " ; 

4 (ii) extracting Mj from 

5 (i±i) constructing Vcerr by applying V^^c to M I; 

6 (iv) validating M by.^ applying Vb^r to the joint 

7 signature part (S Ce rt (M) ; if the result matches M then 

8 the server becomes operational; sending M and Scert 

9 (M) to all the group servers; 

10 (v> if, on" the other 'hand, M "is invalid, then 

11 waiting the receipt of another joint signature and 

12 in response repeating said (ii) to (iv) . 

1 23. For use in the method of Claim 13, an initialize 

2 procedure. 
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1 24. For use in the method of Claim 13, a restore 

2 procedure . 
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1 25. A storage medium -> -storing".; computer implemented 

2 program for providing; -a. . proVctlve^ security in proactive 

3 operating environment;,^,. th ©<. .proactive operating 

4 environment includes.,, a.- grpup- of : -proactive servers 

5 communicating over 'a network /-V^ "each proactive server 

6 (PSi) comprising: '"**"' 

7 a storage that "Includes a" non erasable part that 

8 stores at least a public/ non _ proactive related, key 

9 Vstart / said storage .'further " includes" an erasable part 
10 for storing private "and public data; said proactive 

_ li server is further associated, with "a"" discardable one-time 

12 private key S x 5M re" that?" corresponds to said public key 

4= 13 V^start/ said proactiVe" server is r '''further associated with 

14 configuration data C/' y r: ~'*' x ' : * C 

O „ tf - "^'tox^-hq {• -viz .:- !.d - 

iyt 15 a processor... . ,£ or providing., .at , . least . proactive 

16 services to applications;. 

17 the proactive server is associated with a group 
[~ 18 public proactive key t /iy CSRT common to said group of 
!=§= 19 proactive servers and a . share - S i C ert of a corresponding 

20 private proactive key Smri the method further including: 

21 invoking initialization; procedure for generating 

22 restore related information; and invoking a restore 

23 procedure for utilizing, i at least said public, non 

24 proactive related, . key - rfstarz' and said restore related 

25 information for restoring, at : least said public proactive 

26 . key Vcert. - r. > • - : - 
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